To secure communications dispatched across networks and other communication links, especially un-trusted links, various public-key and/or symmetric-key cryptographic techniques are often put to use. Typically, public-key cryptography has better security properties but is more expensive computationally than symmetric-key cryptography. Therefore, the two types of cryptography may be combined, so as to use a public-key technique to negotiate a symmetric cipher between two entities. The symmetric-key cipher may then be used for bulk data transfer between the entities.
Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL), are widely-used examples of secure communication protocols that have this form, as well as IPSec (Internet Protocol Security) when security associations are negotiated using RSA-based (Rivest, Shamir & Adleman) mechanisms for IKE (Internet (or IPsec) Key Exchange).
A transaction accelerator such as that described in U.S. Pat. No. 7,120,666 (McCanne) can offer performance improvement for operations across a wide-area network (WAN), but only when the data being communicated is either intelligible (i.e., the transaction accelerator can interpret at least parts of the protocol) or repeating (i.e., identical data crosses the network in identical format). The use of secure communication protocols such as SSL and TLS thus typically frustrates transaction acceleration, because cryptography (by design) renders encrypted data unintelligible and non-repeating.
A method of using a cooperating pair of transaction accelerators to optimize secure end-to-end communications between a client and a server is described in U.S. Patent Publication No. US2007/0038853 (application Ser. No. 11/489,414), and involves the use of separate, split-terminated, secure protocol sessions between one transaction accelerator and the client, and between the cooperating transaction accelerator and the server.
However, transaction accelerators generally are not equipped to participate in all authentication schemes between a client and a server. In particular, traditional schemes for optimizing or accelerating network transactions may be unable to optimize a connection in which a server must authenticate a client using a digital certificate.
Previous attempts to enable transaction acceleration for a client-server connection established using a secure communication protocol that enforces client authentication have generally either ignored (i.e., not performed) authentication of the client, or allowed a transaction accelerator (or other entity) to employ a substitute certificate in place of a client's true digital certificate to terminate the client's end of the connection.
Typically, solutions of the latter type apply a single substitute certificate for all clients, or apply one of a small number of substitute certificates, wherein each substitute certificate was used for a different class or subset of clients. As a result, authentication that requires a unique client attribute would fail under these schemes, or, even if authentication succeeded, a server may be unable to distinguish between multiple clients.